[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Mixed authentication and WebSVN on same host

From: Pier-Luc Petitclerc <pl_at_fusi0n.org>
Date: Thu, 9 Jun 2011 15:08:14 -0400

Hi Konstantin,

Thanks for your reply! I ended up settling for black-and-white access for
WebSVN, manually hiding private repositories

This is what I ended up doing:

<VirtualHost *:80>
> ServerAdmin pL_at_fusi0n.org
> ServerName svn.eratech.ca
> DocumentRoot /usr/share/websvn
> DirectoryIndex wsvn.php
> Alias /templates /usr/share/websvn/templates
> Alias / /usr/share/websvn/wsvn.php/
> <Directory /usr/share/websvn>
> Options -Indexes +FollowSymlinks +MultiViews
> #Require valid-user
> #Satisfy Any
> #AuthType Digest
> #AuthName "Subversion Repositories"
> #AuthUserFile /var/repos/.svnpasswd.htdigest
> #AuthzSVNAccessFile /var/repos/.svnpasswd
> </Directory>
> </VirtualHost>
>
> NameVirtualHost *:443
> <VirtualHost *:443>
> ServerAdmin pL_at_fusi0n.org
> ServerName svn.eratech.ca
> SSLEngine on
> SSLCertificateFile /etc/ssl/svn.eratech.ca.crt
> SSLCertificateKeyFile /etc/ssl/svn.eratech.ca.key
> SSLCertificateChainFile /etc/ssl/PositiveSSL.ca-bundle
> <Location />
> DAV svn
> SVNListParentPath on
> SVNParentPath /var/repos
> AuthzSVNAccessFile /var/repos/.svnpasswd
> Satisfy Any
> Require valid-user
> AuthType Digest
> AuthName "Subversion Repositories"
> AuthUserFile /var/repos/.svnpasswd.htdigest
> SSLRequireSSL
> </Location>
> </VirtualHost>
>

On Thu, Jun 9, 2011 at 3:32 AM, Konstantin Kolinko
<knst.kolinko_at_gmail.com>wrote:

> 2011/6/9 Pier-Luc Petitclerc <pl_at_fusi0n.org>:
> > The problem I have with that is related to the user authentication. I
> have
> > read that mixed authentication (anonymous vs "registered") is possible
> with
> > authz and that's what I tried implementing.
>
> Read The Book [1], as well as HTTPD manuals. [2]
>
> 1) To mix anonymous and non-anonymous auth (i.e. allow read-only svn
> access for anons) you configure different access rules for different
> HTTP methods. I.e. GET etc. will go without authentication, but
> REPORT, PUT, ... will require authentication. [1] has an example.
>
> 2) "Satisfy Any" is wrong. You should be careful with it. (If you have
> Allow/Deny statements elsewhere it will be enough to satisfy auth
> requirements).
> See [2] and you'd better configure "Satisfy All".
>
> [1]: http://svnbook.red-bean.com/
> [2]: http://httpd.apache.org/docs/
>
> >
> > However, the problem I'm having now is that Apache does not ask users for
> > credentials presumably due to the "Satisfy Any" statement. Unless I am
> > mistaken, that is how Authz work - to grab usernames off Apache's
> > authentication and associate it with the ACL specified in
> > AuthzSVNAccessFile... well, that's not working. I've tried many
> combinations
> > to no avail... so is there someone who has configured something similar?
> >
> You can configure an access log and look there for what requests and
> responses are. When apache requests auth it is HTTP response code 401.
>
> Best regards,
> Konstantin Kolinko
>

-- 
- pL
No trees were killed to send this message, but a large number of electrons
were terribly inconvenienced.
Received on 2011-06-09 21:08:45 CEST

This is an archived mail posted to the Subversion Users mailing list.